what is __ksymtab? in linux kernel

Question

when we cat 'proc/kallsyms' or 'system.map' we get symbols like this

....
c033718c T nf_hook_slow
c04ca284 r __ksymtab_nf_hook_slow
c04ca28c r __ksymtab_nf_hooks
c04d24a0 r __kcrctab_nf_hook_slow
c04d24a4 r __kcrctab_nf_hooks
c04e9122 r __kstrtab_nf_hook_slow
c04e9179 r __kstrtab_nf_hooks
c054d854 D nf_hooks
c0571ca0 d nf_hook_mutex
....

1. what is the meaning of T, r, D, d stuffs?
2. I can find symbols in kernel source as EXPORT_SYMBOL(...) but there are others prefixing with __ksymtab... or __kstrtab... what are these?
3. Is is possible that there are symbols in System.map but excluded in /proc/kallsyms? (assuming kernel is compiled properly)
4. I have netfilter enabled linux kernel but I cant find the symbol 'nf_hooks' but there is '__ksymtab_nf_hook'. is there some way to get address of nf_hooks using __ksymtab_nf_hook?
5. I see in my linux source code EXPORT_SYMBOL(nf_hook) but I cant find it if I 'cat /proc/kallsyms'. is there some typical reason for this?

thank you in advance.

Answer 1

1. The format is similar to that of the output of nm utility, see also this page.

   To put it simple, 'T' usually denotes a global (non-static but not necessarily exported) function, 't' - a function local to the compilation unit (i.e. static), 'D' - global data, 'd' - data local to the compilation unit. 'R' and 'r' - same as 'D'/'d' but for read-only data.

2. These are the items from the special sections needed to export symbols so that the symbols could be used by kernel modules.

   For each exported symbol, al least the following is defined by EXPORT_SYMBOL():

   • __kstrtab_<symbol_name> - name of the symbol as a string
   • __ksymtab_<symbol_name> - a structure with the information about the symbol: its address, address of __kstrtab_<symbol_name>, etc.
   • __kcrctab_<symbol_name> - address of the control sum (CRC) of the symbol - it is used, for example, to check if the kernel or a module provides an exactly the same symbol as needed by a given kernel module. If a module requires a symbol with a given name and CRC and the kernel provides a symbol with that name but a different CRC (e.g. if the module was compiled for a different kernel version), the module loader will refuse to load that kernel module (unless this check is disabled).

   Take a look at the implementation of EXPORT_SYMBOL() macro in linux/export.h for details.

3. Not sure but I have not encountered a situation so far when a function ("text symbol") or a variable ("data symbol") was present in System.map but not shown in /proc/kallsyms if the kernel is compiled properly and with kallsyms fully enabled (CONFIG_KALLSYMS=y, CONFIG_KALLSYMS_ALL=y). If CONFIG_KALLSYMS_ALL=n, only the functions (to be exact, symbols from *.text sections) will be shown in /proc/kallsyms.

4. Depends on your kernel version. You can take a look at the definition of EXPORT_SYMBOL() for your kernel and find which type __ksymtab_<symbol_name> variables are. In the kernel 3.11, it is struct kernel_symbol defined in linux/export.h. Having the definition of that struct and its address, I suppose, you can get the address of the symbol: struct kernel_symbol::value. Haven't tried this myself though.

   Note, however, that __ksymtab_nf_hook is for nf_hook but not for nf_hooks. The name must match. nf_hooks and nf_hook are different entities.

5. Hard to tell without seeing the code and the relevant part of /proc/kallsyms. Maybe it is #ifdef'ed out and not compiled at all, may be there is something else.

   Besides, nf_hooks is a data item so it might not show up in /proc/kallsyms if CONFIG_KALLSYMS_ALL is 'n'.